- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
DETAILED ACTION 
Response to Arguments 

1. Applicant's arguments filed 02/05/2004 have been fully considered but they are not 
persuasive. Please see the following reasons and the grounds of rejection restated below. 

2. The applicant first defines a portion of the invention by describing the difference between 
kernel mode and user mode. Specifically, "User-mode processes/data, such as...application 
code/data, is separate from kernel-mode processes/data... Kernel-mode processes/data is 
privileged and includes, for example, the operating system executive code and system data" 
(page 14, paragraph 4). The applicant goes on to argue that in the rejected independent claims, 
the references used fail to "identify or otherwise even come close to realizing that a user-side 
portion of a network server logic can selective specify at least one network from which the user 
side portion would accept client device information and that a kernel-side portion of the network 
server logic could be configured to accept the client device information" (page 15, paragraph 4). 
The argument is not persuasive because the Nagaoka et al. (USPN 6,574,656) reference does 
teach these limitations even when the applicant's definition of kernel side is accepted. 
Specifically, in column 7, lines 43-56, Nagaoka et al. (USPN 6,574,656) describes the method 
for users to define from which networks client information is to be accepted. In column 8, lines 
46-55, Nagaoka et al. (USPN 6,574,656) explain the kernel side process of accepting or denying 
client information from those specified networks. This is a kernel mode process because it is 
privileged and once the user enters the network information, the acceptance process is carried out 
with no user-side interaction. 

3. All further arguments are not persuasive for the same reasons shown above. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1, 2, 4-6, 8-11, 13, 14, 16-18, 20-23, 25-27, 29-31, and 33-36 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Nagaoka et al. (USPN 6,574,656) in view of the 
Microsoft Press Computer Dictionary (1997). 

6. Regarding claims 1, 13, and 26, Nagaoka et al. (USPN 6,574,656) teach a system for 
controlling access to a server device by at least one client device that is operatively coupled to 
the server device through at least one interconnecting network with means for: 

a. Causing a user-side portion of a network server logic within the server device 
to selectively specify at least one group from which the user-side portion 
would accept client device information (column 7, lines 43-48, 50-56). (Note 
that in the reference, the groups with access to certain commands are defined.) 

b. Causing a kernel-side portion of the network server logic to accept the client 
device information only if the client device information has been provided via 
the specified group (column 8, lines 46-55). 

Although the system disclosed by Nagaoka et al. (USPN 6,574,656) shows substantial 
features of the claimed invention, it fails to disclose means wherein the group is specifically a 
network. 

However, Nagaoka et al. (USPN 6,574,656) suggest that a group is made up of a plurality 
of computers connected by a communications link. It is obvious that this group is a network as 
evidenced by the definition stated in the Microsoft Press Computer Dictionary (1997). 

The Microsoft Press Computer Dictionary defines a network as "A group of computers 
and associated devices that are connected by communications facilities." (page 327). The 
group as defined in Nagaoka et al. (USPN 6,574,656) clearly fits this definition of a network. 

Given the teaching of the Microsoft Press Computer Dictionary (1997), a person having 
ordinary skill in the art would have readily recognized the desirability and advantages of 
modifying Nagaoka et al. (USPN 6,574,656) by referring to the group of computers as a 
network. This benefits the system by standardizing the groups and allowing for increased 
connectivity with a growing system of new networks. 

7. Regarding claims 2, 14, and 27, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 1, 13, and 26, respectively. They further teach means wherein if 
the client device information has not been provided via the specified network, causing the 
kernel-side portion to reject the client device information and notify the client device in a manner 
that identifies the rejection (column 8, lines 55-63). 

8. Regarding claims 4, 16, and 29, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 1, 13, and 26, respectively. They further teach means for: 

a. Providing a communication socket for use by the kernel-side portion (figure 1, 
communication line for element 300). 

b. Causing the kernel-side portion to compare client device information received 
on the communication socket to the specified network (column 8, lines 46-51). 

9. Regarding claims 5, 17, and 30, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 1, 13, and 26, respectively. They further teach means wherein: 

a. Wherein causing the user-side portion to selectively specify at least one group 
from which the user-side portion would accept the client device information, 
further includes causing the user-side portion to selectively specify a plurality 
of groups from which the user-side portion would accept the client device 
information (column 5, lines 62-63; column 7, lines 51-56). 

b. Wherein causing the kernel-side portion to accept the client device 
information only if the client device information has been provided via the 
specified group, further includes causing the kernel-side portion to accept the 
client device information only if the client device information has been 
provided via at least one of the specified plurality of groups (column 8, lines 
46-50). 

Although the system disclosed by Nagaoka et al. (USPN 6,574,656) shows substantial 
features of the claimed invention, it fails to disclose means wherein the group is specifically a 
network. 

However, Nagaoka et al. (USPN 6,574,656) suggest that a group is made up of a plurality 
of computers connected by a communications link. It is obvious that this group is a network as 
evidenced by the definition stated in the Microsoft Press Computer Dictionary (1997). 

The Microsoft Press Computer Dictionary defines a network as "A group of computers 
and associated devices that are connected by communications facilities." (page 327). The 
group as defined in Nagaoka et al. (USPN 6,574,656) clearly fits this definition of a network. 

Given the teaching of the Microsoft Press Computer Dictionary (1997), a person having 
ordinary skill in the art would have readily recognized the desirability and advantages of 
modifying Nagaoka et al. (USPN 6,574,656) by referring to the group of computers as a 
network. This benefits the system by standardizing the groups and allowing for increased 
connectivity with a growing system of new networks. 

10. Regarding claims 6, 18, and 31, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 1, 13, and 26, respectively. They further teach means wherein 
causing the user-side portion to selectively specify the at least one network from which the 
user-side portion would accept the client device information further includes having the user-side 
portion specify at least one local network interface (figure 1, element 200). Note this is the 
transmission line used for communications. 

11. Regarding claims 8, 20, and 33, Nagaoka et al. (USPN 6,574,656) teach all the limitations 
as applied to claims 1, 13, and 26, respectively. They further teach means wherein the network 
server logic is operatively configured to support at least one client-server based process selected 
from a group of processes comprising a file-sharing communication process, a TCP-based 
communication process, a UDP-based communication process, a HTTP-based communication 
process, a digital media based communication process, a DNS-based communication process, 
and a database related communication process (figure 1; column 8, lines 46-51). Note that a 
database is used. Also, any number of different transaction types can take place if authorized. 

12. Regarding claims 9, 21, and 34, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 1, 13, and 26, respectively. They further teach means wherein 
the user-side portion includes an application-programming interface (API) operatively 
configured to allow an application to specify the at least one network from which the user-side 
portion would accept the client device information (column 7, lines 42-48). 

13. Regarding claims 10, 22, and 35, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 9, 21, and 34, respectively. They further teach means wherein 
the API is further operatively configured to allow the application to specify a listing of networks 
from which the user-side portion would accept the client device information (column 7, lines 51- 
56). 

14. Regarding claims 11, 23, and 36, Nagaoka et al. (USPN 6,574,656) teach all the 
limitations as applied to claims 10, 22, and 35, respectively. They further teach means wherein 
the API is further operatively configured to allow the application to selectively modify the listing 
of networks from which the user-side portion would accept the client device information 
(column 7, lines 51-56). Note that the allowed groups can be changed at any time. 

15. Regarding claim 25, Nagaoka et al. (USPN 6,574,656) teach a system for 
communications with means for: 

a. Issuing, by a user-side application, at least one group identifier from which the 
user-side application would accept client device information (column 7, lines 
43-56). 

b. Receiving, by a user-side portion of a network server process, the at least one 
group identifier (column 7, lines 43-56). 

c. Issuing, by the user-side portion, the at least one group identifier (column 7, 
lines 43-56). 

d. Receiving, by a kernel-side portion of a network server process, the at least 
one group identifier (column 8, lines 46-50). 

Although the system disclosed by Nagaoka et al. (USPN 6,574,656) shows substantial 
features of the claimed invention, it fails to disclose means wherein the group is specifically a 
network. 

However, Nagaoka et al. (USPN 6,574,656) suggest that a group is made up of a plurality 
of computers connected by a communications link. It is obvious that this group is a network as 
evidenced by the definition stated in the Microsoft Press Computer Dictionary (1997). 

The Microsoft Press Computer Dictionary defines a network as "A group of computers 
and associated devices that are connected by communications facilities." (page 327). The 
group as defined in Nagaoka et al. (USPN 6,574,656) clearly fits this definition of a network. 

Given the teaching of the Microsoft Press Computer Dictionary (1997), a person having 
ordinary skill in the art would have readily recognized the desirability and advantages of 
modifying Nagaoka et al. (USPN 6,574,656) by referring to the group of computers as a 
network. This benefits the system by standardizing the groups and allowing for increased 
connectivity with a growing system of new networks. 

16. Claims 3, 12, 15, 24, 28, and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Nagaoka et al. (USPN 6,574,656) and the Microsoft Press Computer 
Dictionary as applied to claim 2 above, and further in view of Comay et al. (USPN 6,363,489). 

17. Regarding claims 3, 15, and 28, although the system disclosed by Nagaoka et al. (USPN 
6,574,656) and the Microsoft Press Computer Dictionary (as applied to claims 2, 14, and 27, 
respectively) shows substantial features of the claimed invention, it fails to disclose means 
wherein the kernel-side portion notifies the client device using at least one message selected 
from a group of messages comprising a TCP reset message and an ICMP destination unreachable 
message, as applicable. 

Nonetheless, these features are well known in the art and it would have been an obvious 
modification of the system disclosed by Nagaoka et al. (USPN 6,574,656) and the Microsoft 
Press Computer Dictionary, as evidenced by Comay et al. (USPN 6,363,489). 

In an analogous art, Comay et al. (USPN 6,363,489) disclose a system for rejection of 
unauthorized access wherein the client device is notified using at least one message selected from a 
group of messages comprising a TCP reset message and an ICMP destination unreachable 
message, as applicable (column 7, lines 29-37). Note that a TCP reset message is sent. 

Given the teaching of Comay et al. (USPN 6,363,489), a person having ordinary skill in 
the art would have readily recognized the desirability and advantages of modifying Nagaoka et 
al. (USPN 6,574,656) and the Microsoft Press Computer Dictionary by employing the use of a 
TCP reset message to notify rejected client requests. This is a common message used in the art 
and benefits the system by providing a user with insight as to why the request was rejected (i.e. 
not authorized as opposed to the server not being in operation). 

18. Regarding claims 12, 24, and 37, although the system disclosed by Nagaoka et al. (USPN 
6,574,656) and the Microsoft Press Computer Dictionary (as applied to claims 1, 13, and 26, 
respectively) shows substantial features of the claimed invention, it fails to disclose means 
wherein the kernel-side portion includes a TCP/IP driver. 

Nonetheless, these features are well known in the art and it would have been an obvious 
modification of the system disclosed by Nagaoka et al. (USPN 6,574,656) and the Microsoft 
Press Computer Dictionary, as evidenced by Comay et al. (USPN 6,363,489). 

In an analogous art, Comay et al. (USPN 6,363,489) disclose a system for rejection of 
unauthorized access wherein the kernel-side portion includes a TCP/IP driver (column 7, lines 
29-37). Note that TCP/IP is used for communication. 

Given the teaching of Comay et al. (USPN 6,363,489), a person having ordinary skill in 
the art would have readily recognized the desirability and advantages of modifying Nagaoka et 
al. (USPN 6,574,656) and the Microsoft Press Computer Dictionary by employing the use of a 
TCP/IP driver on the kernel side. This is a common protocol used in internetwork 
communications and benefits the system by allowing for interoperability with a maximum 
number of other networks without integrating new protocols. 

19. Claims 7, 19, and 32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nagaoka et al. (USPN 6,574,656) and the Microsoft Press Computer Dictionary as applied to 
claim 1 above, and further in view of Skopp et al. (USPN 6,256,739). 

20. Regarding claims 7, 19, and 32, although the system disclosed by Nagaoka et al. (USPN 
6,574,656) and the Microsoft Press Computer Dictionary (as applied to claims 1, 13, and 26, 
respectively) shows substantial features of the claimed invention, it fails to disclose means 
wherein causing the user-side portion to selectively specify the at least one network from which 
the user-side portion would accept the client device information further includes having the 
user-side portion specify at least one IP address. 

Nonetheless, these features are well known in the art and it would have been an obvious 
modification of the system disclosed by Nagaoka et al. (USPN 6,574,656) and the Microsoft 
Press Computer Dictionary, as evidenced by Skopp et al. (USPN 6,256,739). 

In an analogous art, Skopp et al. (USPN 6,256,739) disclose a system for limiting access 
to network resources wherein causing the user-side portion to selectively specify the at least one 
network from which the user-side portion would accept the client device information further 
includes having the user-side portion specify at least one IP address (column 6, lines 10-14; 
figure 4, element 360). 

Given the teaching of Skopp et al. (USPN 6,256,739), a person having ordinary skill in 
the art would have readily recognized the desirability and advantages of modifying Nagaoka et 
al. (USPN 6,574,656) and the Microsoft Press Computer Dictionary by employing the use of IP 
addresses to define the groups and operators. This benefits the system because groups can be 
defined by portions of their IP addresses that will not change. 

Conclusion 

21. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Parton whose telephone number is (703)306-0543. The 
examiner can normally be reached on M-F 8:00AM - 4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenton Burgess can be reached on (703)305-4792. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Kevin Parton 
Examiner 
Art Unit 2153 